Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Vulnerability Overview

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface.

Vulnerability types:

- CVE-2026-20085: Cisco IMC Reflected XSS Vulnerability
- CVE-2026-20087, CVE-2026-20088, CVE-2026-20089, CVE-2026-20090: Cisco IMC Stored XSS Vulnerabilities

Severity: Medium

CVSS Score: Base 6.1

Exploitation conditions: The attacker must persuade a user to click a malicious link (for the reflected XSS) or store a malicious script (for the stored XSS).

Affected Products

The following Cisco products are at risk if they run an affected release of Cisco IMC.

Primary affected products:

- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series M5 and M6 Rack Servers (standalone mode)
- UCS E-Series Servers M3
- UCS E-Series Servers M6
- UCS S-Series Storage Servers (standalone mode)

Other affected products (based on a preconfigured version of Cisco UCS C-Series Servers):

- Application Policy Infrastructure Controller (APIC) Servers
- Business Edition 6000 and 7000 Appliances
- Catalyst Center Appliances
- Cisco Telemetry Broker Appliances
- Cloud Services Platform (CSP) 5000 Series
- Common Services Platform Collector (CSPC) Appliances
- Connected Mobile Experiences (CMX) Appliances
- Connected Safety and Security UCS Platform Series Servers
- Cyber Vision Center Appliances
- Expressway Series Appliances
- HyperFlex Edge Nodes
- HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-No-Fi) deployment mode
- IEC6400 Edge Compute Appliances
- IOS XRv 9000 Appliances
- Meeting Server 1000 Appliances
- Nexus Dashboard Appliances
- Prime Infrastructure Appliances
- Prime Network Registrar Jumpstart Appliances
- Secure Endpoint Private Cloud Appliances
- Secure Firewall Management Center Appliances
- Secure Malware Analytics Appliances
- Secure Network Analytics Appliances
- Secure Network Server Appliances
- Secure Workload Servers

Remediation

Workarounds: Cisco has confirmed that there are no workarounds that address these vulnerabilities.

Fixed Software: Cisco strongly recommends that customers upgrade to the following fixed releases:

Remediation instructions for other products:

- Cisco Telemetry Broker Appliances: Apply the firmware update.
- IEC6400 Edge Compute Appliances: Perform the HUJ upgrade using
- Secure Endpoint Private Cloud Appliances: Upgrade to Release 4.2.5 or later, then follow the steps in the TechNotes.
- Secure Firewall Management Center Appliances: Apply HUJ/FX.
- Secure Malware Analytics Appliances: Update the firmware using the Out-of-Band Firmware Update (OOF) procedure.
- Secure Network Analytics Appliances:
  - M5: Install the patch.
  - M6: The patch is expected to be released in April 2026.
- Secure Network Server Appliances: Apply the BIOS and HUJ upgrade (see the Cisco Secure Network Server 3600/3700 Series Firmware Upgrade Guide).